$ curl https:\/\/deb.releases.teleport.dev\/teleport-pubkey.asc | sudo apt-key add -<\/pre>\nTo add repo to APT, run the command as shown below.<\/p>\n
$ sudo add-apt-repository 'deb https:\/\/deb.releases.teleport.dev\/ stable main'<\/pre>\nTo update APT Cache, run the command as shown below.<\/p>\n
$ sudo apt-get update<\/pre>\nFinally to Install Teleport, run the command as shown below.<\/p>\n
$ sudo apt install teleport<\/pre>\nConfiguration of teleport<\/h2>\n
For the configuration of teleport, simply run the configuration and save it with yaml format. For further details, check the configuration as shown below with the use of your favorite editor.<\/p>\n
$ sudo vim \/etc\/teleport.yaml<\/pre>\n![](\"http:\/\/linuxways.net\/wp-content\/uploads\/2022\/01\/word-image-150.png\")
<\/p>\n
teleport:\r\n\r\nnodename: linuxways\r\n\r\ndata_dir: \/var\/lib\/teleport\r\n\r\nlog:\r\n\r\noutput: stderr\r\n\r\nseverity: INFO\r\n\r\nformat:\r\n\r\noutput: text\r\n\r\nca_pin: []\r\n\r\ndiag_addr: \"\"\r\n\r\nauth_service:\r\n\r\nenabled: \u201cyes\u201d\r\n\r\ncluster_name: \"teleport\"\r\n\r\nlisten_addr: 0.0.0.0:3025\r\n\r\ntokens:\r\n\r\n- proxy,node,app:e6cebf660b1f3390f204130b9649\r\n\r\npublic_addr: 5.22.209.65:3025\r\n\r\nssh_service:\r\n\r\nenabled: \u201cyes\u201d\r\n\r\nlabels:\r\n\r\nenv: example\r\n\r\ncommands:\r\n\r\n- name: hostname\r\n\r\ncommand: [hostname]\r\n\r\nperiod: 1m0s\r\n\r\napp_service:\r\n\r\nenabled: \u201cyes\u201d\r\n\r\ndebug_app: true\r\n\r\nproxy_service:\r\n\r\nenabled: \u201cyes\u201d\r\n\r\nlisten_addr: 0.0.0.0:3023\r\n\r\nweb_listen_addr: 0.0.0.0:3080\r\n\r\ntunnel_listen_addr: 0.0.0.0:3024\r\n\r\npublic_addr: 5.22.209.65:3080<\/pre>\nFor the configuration to work properly, the directory \/var\/lib\/teleport<\/strong> must be provided with right permissions which enable teleport and tctl to read and write without issue. Run the command as shown below for that purpose.<\/p>\n$ sudo chmod 755 -R \/var\/lib\/teleport\/<\/pre>\nConfiguration of Domain Name System<\/h2>\n
You have to provide the certificate for the secure https protocol. It is possible with the certificate that you already have or by creating a self sign certificate or add the DNS like tele.example.com pointing to your public ip and run commands with the use of ACME protocol that request TLS certificates to be automatically available from Let’s Encrypt. It accesses an HTTP endpoint on your Teleport host in order to complete authentication challenges.<\/p>\n
$ sudo teleport configure --acme --acme-email=your-email@example.com --cluster-name=tele.example.com -o file<\/pre>\nOr create a self sign certificate and<\/p>\n
$ sudo openssl req -x509 -days 365 -nodes -newkey rsa:2048 -keyout \/etc\/pki\/tls\/private\/teleport.key -out \/etc\/pki\/tls\/certs\/teleport.crt<\/pre>\nAfter the creation of the certificate, add those certificates on the configuration of the teleport as shown below.<\/p>\n
$ sudo vim \/etc\/teleport.yaml<\/pre>\nteleport:\r\n\r\nnodename: linuxways\r\n\r\ndata_dir: \/var\/lib\/teleport\r\n\r\nlog:\r\n\r\noutput: stderr\r\n\r\nseverity: INFO\r\n\r\nformat:\r\n\r\noutput: text\r\n\r\nca_pin: []\r\n\r\ndiag_addr: \"\"\r\n\r\nauth_service:\r\n\r\nenabled: \u201cyes\u201d\r\n\r\ncluster_name: \"teleport\"\r\n\r\nlisten_addr: 0.0.0.0:3025\r\n\r\ntokens:\r\n\r\n- proxy,node,app:e6cebf660b1f3390f204130b9649\r\n\r\npublic_addr: 5.22.209.65:3025\r\n\r\nssh_service:\r\n\r\nenabled: \u201cyes\u201d\r\n\r\nlabels:\r\n\r\nenv: example\r\n\r\ncommands:\r\n\r\n- name: hostname\r\n\r\ncommand: [hostname]\r\n\r\nperiod: 1m0s\r\n\r\napp_service:\r\n\r\nenabled: \u201cyes\u201d\r\n\r\ndebug_app: true\r\n\r\nproxy_service:\r\n\r\nenabled: \u201cyes\u201d\r\n\r\nlisten_addr: 0.0.0.0:3023\r\n\r\nweb_listen_addr: 0.0.0.0:3080\r\n\r\ntunnel_listen_addr: 0.0.0.0:3024\r\n\r\npublic_addr: 5.22.209.65:3080<\/pre>\n https_keypairs:<\/strong><\/p>\n - key_file: \/etc\/pki\/tls\/private\/teleport1.key<\/strong><\/pre>\n cert_file: \/etc\/pki\/tls\/certs\/teleport1.crt<\/strong><\/pre>\nConfiguration of Teleport service and start the service<\/h2>\n
Let’s create a systemd service for the teleport service with the commands as shown below.<\/p>\n
$ sudo vim \/etc\/systemd\/system\/teleport.service<\/pre>\n![](\"http:\/\/linuxways.net\/wp-content\/uploads\/2022\/01\/word-image-151.png\")
<\/p>\n
[Unit]\r\n\r\nDescription=Teleport SSH Service\r\n\r\nAfter=network.target\r\n\r\n[Service]\r\n\r\nType=simple\r\n\r\nRestart=on-failure\r\n\r\nEnvironmentFile=-\/etc\/default\/teleport\r\n\r\nExecStart=\/usr\/local\/bin\/teleport start --pid-file=\/run\/teleport.pid\r\n\r\nExecReload=\/bin\/kill -HUP $MAINPID\r\n\r\nPIDFile=\/run\/teleport.pid\r\n\r\nLimitNOFILE=8192\r\n\r\n[Install]\r\n\r\nWantedBy=multi-user.target<\/pre>\nNow, let’s run the command as shown below to reload the daemon, enable and start the service.<\/p>\n
$ sudo systemctl daemon-reload<\/pre>\n$ sudo systemctl start teleport<\/pre>\n$ sudo systemctl enable teleport<\/pre>\nTo check the status of the teleport service, run the command as shown below.<\/p>\n
$ sudo systemctl status teleport.service<\/pre>\n![](\"http:\/\/linuxways.net\/wp-content\/uploads\/2022\/01\/word-image-152.png\")
<\/p>\n
Creating the teleport user with the set up of two-factor authentication<\/h3>\n
To login, you must have a user with the right privilege. By default, teleport enforces the use of two factor authentication so we are creating a user with username admin-user using the two factor authentication with the use of google authenticator. You can use other ways of authentication available on the options too.<\/p>\n
Run the command as shown below to create the user.<\/p>\n
$ sudo tctl users add admin-user --roles=editor,access --logins=root,ubuntu,linuxways<\/pre>\nAs you can see we are providing roles of editor and access to this user as admin privilege and users like root, ubuntu or linuxways can login to the servers in teleport cluster servers.<\/p>\n
After running the above command, you will see the output as shown on the screenshot below with the link to create a password for the user.<\/p>\n
![](\"http:\/\/linuxways.net\/wp-content\/uploads\/2022\/01\/word-image-153.png\")
<\/p>\n
Now, let’s browse the site and create a password for the user with the use of two-factor authentication as shown in the screenshot below.<\/p>\n
![](\"http:\/\/linuxways.net\/wp-content\/uploads\/2022\/01\/word-image-154.png\")
<\/p>\n
After you click on create account, the dashboard of the teleport Web UI will be shown. You will notice your newly created user with the list of nodes privileged to the user. For further details, check the screenshot as shown below.<\/p>\n
![](\"http:\/\/linuxways.net\/wp-content\/uploads\/2022\/01\/word-image-155.png\")
<\/p>\n
Adding a node to the cluster<\/h2>\n
To add a new node to the teleport cluster, run the command as shown below.<\/p>\n
First login to the teleport<\/p>\n
$ tsh login --proxy=tele.example.com --auth=local --user=admin-user<\/pre>\n![](\"http:\/\/linuxways.net\/wp-content\/uploads\/2022\/01\/word-image-156.png\")
<\/p>\n
Generate a token with a specified time limit, here we are limiting time for 1hour.<\/p>\n
$ tctl tokens add --type=node --ttl=1h<\/pre>\n![](\"http:\/\/linuxways.net\/wp-content\/uploads\/2022\/01\/word-image-157.png\")
<\/p>\n
Now download the teleport package to your new node. In our case, our new node is running with Ubuntu operating system. For that, go through the installation process as shown below..<\/p>\n
$ curl https:\/\/deb.releases.teleport.dev\/teleport-pubkey.asc | sudo apt-key add -<\/pre>\n$sudo add-apt-repository 'deb https:\/\/deb.releases.teleport.dev\/ stable main'<\/pre>\n$ sudo apt-get update<\/pre>\n$ sudo apt install teleport<\/pre>\nNow run this command on the new node by using the token created with the above command. For further details, check the command as shown below.<\/p>\n
![](\"http:\/\/linuxways.net\/wp-content\/uploads\/2022\/01\/word-image-158.png\")
<\/p>\n
As in our case, the hostname is testserver<\/strong> so we can verify it by browsing the site of Teleport WEB-UI and check on servers section as shown in the picture below.<\/p>\n![](\"http:\/\/linuxways.net\/wp-content\/uploads\/2022\/01\/word-image-159.png\")
<\/p>\n
Accessing the added server<\/h2>\n
Now, the new node has been added successfully so it is easily accessible with the WEB UI or terminal by simply clicking on connect and accessing it with the preferred user option on the list. For further details, check the screenshot as shown below.<\/p>\n
![](\"http:\/\/linuxways.net\/wp-content\/uploads\/2022\/01\/word-image-160.png\")
<\/p>\n
In our case, we selected root as a user then the next tab will be open where the new node server can be accessed as shown on the screenshot below.<\/p>\n
![](\"http:\/\/linuxways.net\/wp-content\/uploads\/2022\/01\/word-image-161.png\")
<\/p>\n
As you can see, we are easily executing the commands on the new node \u201ctestserver\u201d with the WEB UI of teleport.<\/p>\n
Conclusion<\/h2>\n
In this article, you have learnt how to install the teleport on Ubuntu 20.04 server and add the new node. Running the commands on the added server through the WEB UI of teleport is easy to do. Thank you!<\/p>","protected":false},"excerpt":{"rendered":"
Teleport is an open-source, easy to install certificate Authority system. In case you have different servers that are accessible through SSH, different Kubernetes databases, and Web apps. So…<\/p>","protected":false},"author":1,"featured_media":13829,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[830,100],"class_list":["post-13732","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ubuntu","tag-teleport","tag-ubuntu-20-04"],"_links":{"self":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts\/13732","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/comments?post=13732"}],"version-history":[{"count":0,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts\/13732\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/media\/13829"}],"wp:attachment":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/media?parent=13732"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/categories?post=13732"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/tags?post=13732"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}